Friday, June 14, 2024

Smartwatches and Fitness Trackers can Spy Your ATM PIN Number & Unlock Smartphone

IoT extends the connectivity of physical devices beyond the standard devices, it affects the daily lives of the users and their information security.

Wearables increase the efficiency of data gathering, researchers from the University of Michigan and the University of South Carolina found it is possible to add thousands of steps to a Fitbit using sound waves at different frequencies.

Experts believe that IoT could contain more than 30 billion objects by 2020 and its market value could reach $7.1 trillion by 2020.

Security researchers from Kaspersky published a research report on examining how wearable signals within wearable devices could allow attackers to intrude victims’ privacy and to gain access to the corporate network of the company they associated.

Most of the smartwatches are cyberphysical systems that controlled by computer algorithms and they are equipped with sensors like magnetometers, accelerometers, and gyroscopes that logs user data.

Kingwear KW88 and PYiALCY X200 smartwatches are selected for this study due it’s simplicity of writing apps for them and they developed a simple app for the study.

Tracking the Victim

With smartwatch inbuilt accelerometers and gyroscopes signals readings, it can be assumed the user activity at the moment.

When the user is walking, the hand wearing the smartwatch oscillates like a pendulum. Pendulum swings are a periodic process, so it can be assumed that the user was walking at that moment.

Pic Courtesy: SecureList

In another segment there no change with the periodic oscillations but the change in the accelerometer signal envelope axis. Possibly it could be a public transport with stops.

Another time slice is with short periods of activities and unexpected hand movements, researchers assumed the person could probably indoors.

Pic Courtesy: SecureList

PIN codes

According to researchers, it is possible to capture a PIN code based on the accelerometer and gyroscope signals from a smartwatch.

By deciphering the three axes of the accelerometer and gyroscope signals, a random person pin code can be detected with a minimum accuracy of 80%.

Computer and smartphones unlocking

For unblocking the device the hand movements and corresponding acceleration are minimal. Based on the cross-correlation of data for the corresponding axes of the accelerometer and gyroscope.

Smallest cross-correlation function values obtained for unlocking smartphones (up to 64%), and for computer password it is the largest (up to 96%).

Researchers concluded that “without a doubt, portable cyber-physical systems expand the attack surface for potential intruders. The recorded signals can be transmitted by the phone to the attacker’s server whenever the latter has access to the Internet.”

“So an unassuming fitness app or a new watch face from the Google Play store can be used against you, right now in fact”.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles